policy compliance options collide incompatibly without warning
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	dkg
	Fri, Jan 31, 7:16 AM

Description

gpg lets the user use policy compliance options like --rfc4880 or --rfc2440 or --openpgp or --compliance de-vs. the documentation claims that "Only one of these options may be active at a time." but the tool itself lets the user specify multiple options, like so without complaint:

gpg --compliance de-vs --compliance gnupg --decrypt

In addition to setting cryptographic and wire format policies, these choices also adjust parameter decisions, like the default cipher used with s2k (which can also be set with --s2k-digest), whether to strip trailing whitespace when making a canonical text document signature without using the CSF (--rfc2440-text), or whether to require a cross-certification (--require-cross-certification).

However, it's unpredictable which of these various policies and configuration choices take effect when two of them are in conflict, and gpg doesn't warn the user when a conflict arises.

For example, when making canonical text signatures over data that has trailing whitespace, these commands will all strip the trailing whitespace:

gpg --text --armor --rfc2440-text --sign
gpg --text --armor --rfc2440 --sign
gpg --text --armor --rfc4880 --rfc2440 --sign
gpg --text --armor --gnupg --rfc2440 --sign
gpg --text --armor --rfc2440 --gnupg --sign

while these commands will *not* strip the trailing whitespace:

gpg --text --armor --sign
gpg --text --armor --rfc4880 --sign
gpg --text --armor --gnupg --sign
gpg --text --armor --rfc2440 --rfc4880 --sign

That is, --gnupg does *not* override --rfc2440 when it follows it, but --rfc4880 *does* override --rfc2440 when it follows it.

Similarly, the default symmetric cipher and hash used for symmetric encryption interact strangely with the order of different options.

One part of this appears to be that --gnupg (and its synonym --compliance=gnupg, as well as distinct options --pgp7 and --pgp8) only set opt.compliance and don't update any of the more granular opts fields directly, in theory leaving the rest of opt set to the default values set at the top of main(). But if one of the other options that sets granular opts fields is invoked first, then --compliance=gnupg cannot restore those choices to their prior defaults.

And, then again, there are some granular opts fields that are never touched by any of these "compliance" options.

At the very least, it seems like gpg should warn the user when two incompatible --compliance options are in effect at the same time.

Details

Version: 2.4.7

Revisions and Commits

rG GnuPG
	rG4b2729b983bf gpg: Simplify the compliance settings.
	rG0bdf5859935e gpg: --compliance=gnupg restores default for policy-affected options
	rG04d58ff84755 gpg: --compliance={pgp7, pgp8} also now restore default options

Related Objects

Mentioned Here: rGc2ff47d5bcd2: gpg: Base compliance "de-vs" now on "gnupg" and not on "openpgp".

Event Timeline

dkg created this task.Fri, Jan 31, 7:16 AM

That gpg seems to be some other or patched software than the one from gnupg:

$ gpg --policy
gpg: invalid option "--policy"

(with all versions I tested).

sorry for the confusion in the initial report -- the policy compliance option is of course --compliance, and not --policy, and i just miswrote it in one line of the description above. I've corrected it now, and all the rest of the report is still as it was.

attached here is a series of 4 patches that reinforce that the last --compliance policy option (or equivalent option, like --rfc4880 or --gnupg) supercedes any earlier one.

0001-gpg-compliance-rfc2440-does-not-require-cross-certif.patch1 KBDownload

0002-gpg-compliance-gnupg-restores-default-for-policy-aff.patch3 KBDownload

0003-gpg-compliance-pgp7-pgp8-also-now-restore-default-op.patch1 KBDownload

0004-doc-Record-that-gpg-policy-compliance-options-are-la.patch1 KBDownload

If you'd prefer that i squash them down to a single commit, i've put that in a followup comment. i sent it to gnupg-devel as well. You can also find them on the policy-options git branch at https://gitlab.com/dkg/gnupg.git.

Here's all of the above patches squashed into a single patch:

0001-gpg-The-last-compliance-option-supersedes-previous-o.patch5 KBDownload

This is also available on the policy-options-squashed branch at https://gitlab.com/dkg/gnupg.git as 1d16dee4b88a1cb048e45b3595f1bf8bc000c30d

Thanks. I applied all 4 patches to master and did one additional change to get --allow-old-cipher-algos straight.

• werner edited projects, added gnupg26; removed gnupg.Mon, Feb 3, 11:50 AM

• werner moved this task from Backlog to Done on the gnupg26 board.

• werner added a commit: rG04d58ff84755: gpg: --compliance={pgp7, pgp8} also now restore default options.Mon, Feb 3, 11:51 AM

• werner added a commit: rG0bdf5859935e: gpg: --compliance=gnupg restores default for policy-affected options.

• werner added a commit: rG4b2729b983bf: gpg: Simplify the compliance settings..

Thanks for the fix, @werner ! Here's a comparable patch for the 2.4 branch as well, but without the change to de-vs as i think the comment in rGc2ff47d5bcd2953fc2095ef2242af2c7e9cd4420 indicated that you only wanted to rebase de-vs to --gnupg in the 2.5.x series.

0001-gpg-Sync-compliance-mode-cleanup-with-master.patch6 KBDownload

please prefer the patch here over the one on the mailing list. my followups to the mailing list are not going through due to some kind of intermittent IPv4/IPv6 deliverability issue. Sorry for the confusion.

Sorry, this will not be fixed for 2.4.

Thanks for the followup. As a downstream maintainer, it would help me a lot to know why this won't be fixed for 2.4. Do you forsee a specific problem with it? Does the subtle change in semantics of previously unspecified combinations/permutations of options represent something you're trying to avoid on the stable release channel? Are there bugs that users should be worried about?